Dual / Triple WAN HowTo | DHCP scripts on Page 5!!!!

scottinthesouth
DD-WRT Novice


Joined: 27 Jan 2013
Posts: 3

Posted: Mon Jan 28, 2013 3:04    Post subject: Dual Wan Load balancing
OK. I have the ports configured. I can get out on either the default WAN port or the one I configured, but the load balancing doesn't work. Anyone help?

The default ports were set on vlan1 with the WAN on vlan2 (4 5), so I created vlan3 (3 5).

I used the following startup script:

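#!/bin/ash
# Interfaces: LAN bridge and the two WAN VLANs
IF0=br0
IF1=vlan2
IF2=vlan3
# LAN subnet and the two WAN subnets
P0_NET=192.168.1.0/24
P1_NET=192.168.2.0/24
P2_NET=192.168.3.0/24
# Router address on each WAN
IP1=192.168.2.100
IP2=192.168.3.100
# Upstream gateway on each WAN
P1=192.168.2.1
P2=192.168.3.1
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
# Bring up the second WAN interface with a static address
ifconfig vlan3 192.168.3.100 netmask 255.255.255.0 broadcast 192.168.3.255 up
# Remove the existing single default route
ip route delete default
# Table 10: WAN1 subnet and default route via the WAN1 gateway
ip route add $P1_NET dev $IF1 src $IP1 table 10
ip route add default via $P1 table 10
# Table 20: WAN2 subnet and default route via the WAN2 gateway
ip route add $P2_NET dev $IF2 src $IP2 table 20
ip route add default via $P2 table 20
# WAN subnets in the main table
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2
# Traffic sourced from a WAN address uses that WAN's table
ip rule add from $IP1 table 10
ip rule add from $IP2 table 20
# LAN, the other WAN subnet and loopback in each per-WAN table
ip route add $P0_NET dev $IF0 table 10
ip route add $P2_NET dev $IF2 table 10
ip route add 127.0.0.0/8 dev lo table 10
ip route add $P0_NET dev $IF0 table 20
ip route add $P1_NET dev $IF1 table 20
ip route add 127.0.0.0/8 dev lo table 20
# Multipath default route across both gateways
ip route add default scope global nexthop via $P1 dev $IF1 nexthop via $P2 dev $IF2
# Disable reverse-path filtering on both WAN interfaces
echo "0" > /proc/sys/net/ipv4/conf/vlan2/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/vlan3/rp_filter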

and the following firewall script:

IPTABLES="/usr/sbin/iptables"
# Accept ICMP arriving on the second WAN interface
iptables -I INPUT -i vlan3 -p icmp -j ACCEPT
# LAN side
NET_INT_INT=br0
NET_INT_IP=192.168.1.1
NET_INT_SUB=24
NET_INT_NET=192.168.1.0
# First WAN
NET_EXT_INT1=vlan2
NET_EXT_IP1=192.168.2.100
NET_EXT_GW1=192.168.2.1
# Second WAN
NET_EXT_INT2=vlan3
NET_EXT_IP2=192.168.3.100
NET_EXT_GW2=192.168.3.1
# Multipath default route across both gateways
ip route add default scope global nexthop via ${NET_EXT_GW1} dev ${NET_EXT_INT1} nexthop via ${NET_EXT_GW2} dev ${NET_EXT_INT2}
# Flush the existing NAT POSTROUTING rules
$IPTABLES -F POSTROUTING -t nat
# Mangle chain ETH1: log TCP and ICMP, then set packet mark 1
$IPTABLES -t mangle -N ETH1
$IPTABLES -t mangle -F ETH1
$IPTABLES -t mangle -A ETH1 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH1 "
$IPTABLES -t mangle -A ETH1 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH1 "
$IPTABLES -t mangle -A ETH1 -j MARK --set-mark 1
# Mangle chain ETH2: log TCP and ICMP, then set packet mark 2
$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
$IPTABLES -t mangle -A ETH2 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH2 "
$IPTABLES -t mangle -A ETH2 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH2 "
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 2
# NAT chains: log, then source-NAT to the address of the WAN being used
$IPTABLES -t nat -N SPOOF_ETH1
$IPTABLES -t nat -F SPOOF_ETH1
$IPTABLES -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "
$IPTABLES -t nat -A SPOOF_ETH1 -j SNAT --to ${NET_EXT_IP1}
$IPTABLES -t nat -N SPOOF_ETH2
$IPTABLES -t nat -F SPOOF_ETH2
$IPTABLES -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "
$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to ${NET_EXT_IP2}
# Accept ICMP from the LAN to the router's LAN address
$IPTABLES -A INPUT -p icmp -s ${NET_INT_NET}/${NET_INT_SUB} -d ${NET_INT_IP} -j ACCEPT
# Each rule matches about 50% of packets at random and jumps to a marking chain
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH1
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 50 -j ETH1
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH2
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 50 -j ETH2
# Apply the per-WAN SNAT chain to traffic leaving each WAN interface
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT1} -j SPOOF_ETH1
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT2} -j SPOOF_ETH2
# apply single-port forward rules (nvram forward_spec) to the second WAN address
for RULE in $(nvram get forward_spec)
do
    FROM=`echo $RULE | cut -d ">" -f 1`
    TO=`echo $RULE | cut -d ">" -f 2`
    STATE=`echo $FROM | cut -d ":" -f 2`
    PROTO=`echo $FROM | cut -d ":" -f 3`
    SPORT=`echo $FROM | cut -d ":" -f 4`
    DEST=`echo $TO | cut -d ":" -f 1`
    DPORT=`echo $TO | cut -d ":" -f 2`
    if [ "$STATE" = "on" ]; then
        if [ "$PROTO" = "both" ]; then
            iptables -A PREROUTING -t nat -p udp -d ${NET_EXT_IP2} --dport $SPORT -j DNAT --to $DEST:$DPORT
            iptables -A PREROUTING -t nat -p tcp -d ${NET_EXT_IP2} --dport $SPORT -j DNAT --to $DEST:$DPORT
        else
            iptables -A PREROUTING -t nat -p $PROTO -d ${NET_EXT_IP2} --dport $SPORT -j DNAT --to $DEST:$DPORT
        fi
    fi
done
#apply range forward rules
for RULE in $(nvram get forward_port)
do
    FROM=`echo $RULE | cut -d ">" -f 1`
    TO=`echo $RULE | cut -d ">" -f 2`
    STATE=`echo $FROM | cut -d ":" -f 2`
    PROTO=`echo $FROM | cut -d ":" -f 3`
    SPORT=`echo $FROM | cut -d ":" -f 4`
    EPORT=`echo $FROM | cut -d ":" -f 5`
    if [ "$STATE" = "on" ]; then
        if [ "$PROTO" = "both" ]; then
            iptables -A PREROUTING -t nat -p udp -d ${NET_EXT_IP2} --dport $SPORT:$EPORT -j DNAT --to $TO
            iptables -A PREROUTING -t nat -p tcp -d ${NET_EXT_IP2} --dport $SPORT:$EPORT -j DNAT --to $TO
        else
            iptables -A PREROUTING -t nat -p $PROTO -d ${NET_EXT_IP2} --dport $SPORT:$EPORT -j DNAT --to $TO
        fi
    fi
done
# Disable reverse-path filtering on both WAN interfaces and enable forwarding
echo "0" > /proc/sys/net/ipv4/conf/vlan2/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/vlan3/rp_filter
echo "1" > /proc/sys/net/ipv4/ip_forward


I can ping both of the upstream connections. But I can't get the load balancing to work between them.

Any suggestions?
Almaz
DD-WRT Novice


Joined: 02 Oct 2008
Posts: 13

Posted: Fri Feb 15, 2013 20:27
If I have one connection as 10mb and a second connection is only 3mb, how do I set up the load weight ratio?
xana01
DD-WRT Novice


Joined: 12 Feb 2011
Posts: 12

Posted: Sun Jun 23, 2013 18:24
Hello,
I have been trying for SEVERAL days to set up the dual WAN but without success. I want to know if it is possible to make a dual WAN on a WRT54GL?

Because I manage to set up the VLAN2 and the firewall, but I get no IP.

Thanks
bikkuri
DD-WRT Novice


Joined: 20 Nov 2013
Posts: 1

Posted: Wed Nov 20, 2013 5:59    Post subject: Please help with the firewall of the dualwan
Hello John,

Thanks for the great scripts.
I installed them on my router and after I ran the scripts,
I saw the second WAN IP was imported to NVRAM and the IP routes
and IP rules seem good too, but there might be a problem with the
firewall.
I cannot access the internet after the change.
Though in the router I could ping the internet very fast.
Could you please help me check if there is anything wrong with
the firewall?

I noticed in the firewall.firewall script, it imported rules from
NVRAM at the beginning of the script.
But I checked and found the results of the below commands are all blank.
nvram get forward_spec
nvram get forward_port

root@unknown1:~# nvram show|grep forward
sshd_forwarding=0
forward_spec=
forward_entries=0
forward_port=
forwardspec_entries=0
size: 28800 bytes (3968 left)
root@unknown1:~# nvram get dmz_enable
0
root@unknown1:~#
Is that normal?

Please let me know if other information is required.

Thanks & Regards,
Marugao Bozu



dualwan.zip
 Description:
Please find the scripts I am using and the results attached.

 Filename:  dualwan.zip
 Filesize:  4.79 KB
 Downloaded:  500 Time(s)
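
The `forward_spec` loop from the firewall script earlier in the thread, and the blank `forward_spec` value shown in the post above, as a dry run that validates each entry and prints the resulting commands. This is an added example, not code from the thread or from DD-WRT; the function names, the reading of the first field as a name, and the sample value are assumptions made here, and the value is passed as an argument instead of being read from nvram.

```sh
#!/bin/sh
# Added example, not from the thread: dry-run form of the forward_spec loop.
# Entry layout implied by the cut calls in the firewall script
# (reading field 1 as a name is an assumption):
#   <name>:<state>:<proto>:<sport>><dest>:<dport>

is_port() {   # true only for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {   # true only for a dotted quad with octets 0..255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = forward_spec value, $2 = external IP the forwards are bound to.
# Prints the iptables commands instead of running them; skips bad entries.
forward_spec_rules() {
    set -f                                  # no globbing while splitting $1
    for rule in $1; do
        from=${rule%%">"*}; to=${rule#*">"}
        state=$(echo "$from" | cut -d: -f2)
        proto=$(echo "$from" | cut -d: -f3)
        sport=$(echo "$from" | cut -d: -f4)
        dest=${to%%:*}; dport=${to#*:}
        [ "$state" = "on" ] || continue     # disabled entries produce nothing
        case "$proto" in
            both)    protos="udp tcp" ;;
            tcp|udp) protos=$proto ;;
            *)       echo "rejected: $rule" >&2; continue ;;
        esac
        if ! is_port "$sport" || ! is_port "$dport" || ! is_ipv4 "$dest"; then
            echo "rejected: $rule" >&2; continue
        fi
        for p in $protos; do
            echo "iptables -A PREROUTING -t nat -p $p -d $2 --dport $sport -j DNAT --to $dest:$dport"
        done
    done
    set +f
}

# Constructed sample value: one valid entry, one disabled, one malformed.
SAMPLE='web:on:both:8080>192.168.1.10:80 ssh:off:tcp:22>192.168.1.11:22 bad:on:tcp:http>192.168.1.300:80'
forward_spec_rules "$SAMPLE" 192.168.3.100
```

An empty value, like the blank `forward_spec=` in the nvram output above, gives the `for` loop no words to iterate over, so no DNAT commands are produced.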

volvo64
DD-WRT Novice


Joined: 25 Jan 2015
Posts: 8

Posted: Tue Aug 25, 2015 18:06    Post subject: conceptual description?
OK, I know this is a very old topic that hasn't seen any updates in a couple of years, but I'm trying to do this and not getting anywhere.

I have a basic understanding of what the scripts are doing, but as my hardware isn't addressed anywhere in this topic, I'm having some problems implementing it. I have three routers available for this: one Linksys WRT320n and two Linksys E1000s.

Can someone familiar with the scripts provide a conceptual description of what's going on here? I need to know how the VLANs work together to provide failover/load balancing. It would also be nice to know how the firewall rules address load balancing.

I would also love to know how exactly to make one WAN ethernet and the other WAN a WLAN bridge from the neighbors. This is completely legit; we've paid the neighbors for nearly a year for access to their wifi, now we have our own cable (DHCP) service. I'd like to continue to pay the neighbors in order to see increased speeds and disparate connections for ISP failover: we have cable and they have DSL.

Any links/updates/info would be appreciated. Otherwise I'm going to have to spend $75 on a commercial load-balancing router, which I'd rather not do.